搜索结果

×

搜索结果将在这里显示。

FortiGate

查看系統狀態

get sys status

查看硬件配置

get hardware status

查看性能(CPU使用率有多高)

get system performance status

显示每一个进程各自的占用率(為什麼CPU使用率高)

diagnose sys top 1

显示总占用率

diagnose sys top-summary

查看arp表

get sys are

查看會話表

get system session list

查看路由表

get router info routing-talbe all

查看路由狀態

get router info routing-table all

查看看路由表

get router info routing all

查看ha狀態

get system status

清除arp表

exec clear system arp table

執行常用命令

exec ping /traceroute /ssh /ssh  /telnet

查看接口配置

show full-configuration system interface

查看防火墻策略

show firewall policey

看看防火墙配置

show system setting

查詢系統進程

diagnose sys top-sum

查看物理接口信息

get hardwrae nic <prot>

SFP/SFP+ 接收的信息强度

get system interface transceiver

arp表

diagnose ip arp list

网络层故障排查

execute ping-options
  • data-size Integer value to specify datagram size in bytes.
  • df-bit Set DF bit in IP header <yes | no>.
    -interval Integer value to specify seconds between two pings.
  • repeat-count Integer value to specify how many times to repeat PING.
  • source Auto | .
  • timeout Integer value to specify timeout in seconds.
  • tos IP type-of-service option.
  • ttl Integer value to specify time-to-live.

ping

execute ping {<ipv4_address> | <host_fqdn>}

tracert

execute traceroute {<ipv4_address> | <host_fqdn>}

FortiOS硬件测试命令

diagnose hardware test suite all

查看crash log用于调试,进程关闭时,记录为killed, 一些是normal (例如:关闭scanunit 更新签名库),也会记录保护模式事件。

diagnose debug crashlog read

進程狀態

正常
• S: Sleeping
• R: Running
• D: Do not Disturb; 等待某个处理结束,如disk I/O
异常
• Z: Zombie

備機切換

diagnose system ha reset-uptime

設定

- config alertemail setting     #設定郵件發送
- config system global #配置狀態
- set gui-firmware-upgrade-warning  disable #關閉防火墻 登錄後因固件未升級的提示想到

抓包

diagnose  sniffer packet any " host 192.168.67.13 and port 69 " 4 0 1  #樣例
diag sni pac any 'host x.x.X.x'4 #参数4显示接口名和收发(进出)方向,ctrl+c停止抓包
diag sni pac any 'host x.x.x.x and icmp'4 #抓取ICMP类型的数据
diag sni pac any 'host x.x.x.x and esp'4 4#抓取ESP类型的数据
diag sni pac any 'host x.X.X.X and y.y.y.y' #抓取两个接口的ICMP数据
diag sni pac any 'host x.x.x.x and port 8080'4 #抓取8080端口的数据

抓會話:

- diag sys sessions fi policy 19 #過濾
- diag sys sesions list #顯示
- diag sys session fi  policy 41 #清理會話 過濾
- diagnose sys session filter  #會話表過濾
- diag sys session clear #清理

Link-Monitor

config system link-monitor  //檢測
    edit "YiDong"
        set srcintf "wan1"
        set server "221.179.79.49" "223.5.5.5"
        set source-ip 221.179.79.50
    next
    edit "DianXin"
        set srcintf "wan2"
        set server "61.142.64.1" "223.5.5.5"
        set source-ip 61.142.64.2
    next
end

Debug Flow 显示CPU一步一步的对数据包进行处理,如果数据包被丢弃,会显示原因.

- diagnose debug flow show console enable #开启控制台输出
- diagnose debug flow filter <filter> #指定过滤器
- diagnose debug enable #开启debug输出
- diag debug flow trace start [number_of_packets] #开始trace
- diagnose debug flow trace stop #停止trace
Forti相關
发布时间: